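# Pipeline: tag + GitHub release -> build & push image to GHCR -> deploy to EC2 via SSM.
# Runs on pushes to `develop` that touch the build inputs listed under `paths`.
name: deploy

env:
  IMAGE_NAME: tt_backend

# `on` parses as a YAML 1.1 boolean key in generic loaders; GitHub's loader handles it.
on:
  push:
    paths:
      - ".github/workflows/**"
      - "src/**"
      - "build.gradle"
      - "settings.gradle"
      - "build.gradle.kts"
      - "settings.gradle.kts"
      - "gradle/**"
      - "gradlew"
      - "gradlew.bat"
      - "Dockerfile"
      - "docker/**"
    branches:
      - develop

# Serialise deploys: two overlapping runs would race on `git reset --hard` and
# `docker compose up` on the instance. Queued runs wait rather than cancel.
concurrency:
  group: deploy-${{ github.ref }}
  cancel-in-progress: false

jobs:
  makeTagAndRelease:
    runs-on: ubuntu-latest
    # GITHUB_TOKEN scope for this job only. The tag and release steps below
    # authenticate with PERSONAL_ACCESS_TOKEN, so `packages` is not needed here.
    permissions:
      contents: write
    outputs:
      tag_name: ${{ steps.create_tag.outputs.new_tag }}
    steps:
      - uses: actions/checkout@v4
      - name: Create Tag
        id: create_tag
        uses: mathieudutour/github-tag-action@v6.2
        with:
          github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
      # NOTE(review): actions/create-release is archived upstream; a maintained
      # equivalent is worth considering when this pipeline is next touched.
      - name: Create Release
        id: create_release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
        with:
          tag_name: ${{ steps.create_tag.outputs.new_tag }}
          release_name: Release ${{ steps.create_tag.outputs.new_tag }}
          body: ${{ steps.create_tag.outputs.changelog }}
          draft: false
          prerelease: false

  buildImageAndPush:
    name: 도커 이미지 빌드와 푸시
    needs: makeTagAndRelease
    runs-on: ubuntu-latest
    # Only this job publishes to GHCR, so only this job gets `packages: write`.
    permissions:
      contents: read
      packages: write
    outputs:
      owner_lc: ${{ steps.export_owner.outputs.owner_lc }}
      image_name: ${{ steps.export_image.outputs.image_name }}
    steps:
      - uses: actions/checkout@v4
      - name: Docker Buildx 설치
        uses: docker/setup-buildx-action@v2
      - name: 레지스트리 로그인
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          # A long-lived PAT is used here; with `packages: write` granted above,
          # the job's short-lived GITHUB_TOKEN would also be accepted by ghcr.io.
          password: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
      - name: set lower case owner name
        id: export_owner
        # Pinned rather than derived from github.repository_owner; keep in sync
        # with the GHCR namespace the image is published under.
        run: |
          OWNER_LC="chehyeon-kim23"
          echo "owner_lc=$OWNER_LC" >> "$GITHUB_OUTPUT"
      - name: export image name
        id: export_image
        # Reuse the workflow-level IMAGE_NAME instead of repeating the literal.
        run: echo "image_name=$IMAGE_NAME" >> "$GITHUB_OUTPUT"
      - name: 빌드 앤 푸시
        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
          cache-from: type=registry,ref=ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:cache
          cache-to: type=registry,ref=ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:cache,mode=max
          tags: |
            ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:${{ needs.makeTagAndRelease.outputs.tag_name }},
            ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:latest

  deploy:
    runs-on: ubuntu-latest
    needs: [buildImageAndPush]
    # Nothing in this job uses GITHUB_TOKEN (AWS auth is via static keys), so
    # it gets no scopes at all.
    permissions: {}
    steps:
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - name: 인스턴스 ID 가져오기
        id: get_instance_id
        run: |
          INSTANCE_ID=$(aws ec2 describe-instances \
            --filters "Name=tag:Name,Values=TT-ec2-1" "Name=instance-state-name,Values=running" \
            --query "Reservations[].Instances[].InstanceId" --output text)
          # Fail here with a clear message instead of letting send-command reject
          # an empty or tab-separated multi-instance value for --instance-ids.
          if [ -z "$INSTANCE_ID" ] || [ "$(echo "$INSTANCE_ID" | wc -w)" -ne 1 ]; then
            echo "::error::Expected exactly one running instance tagged Name=TT-ec2-1, got: '${INSTANCE_ID:-<none>}'"
            exit 1
          fi
          echo "INSTANCE_ID=$INSTANCE_ID" >> "$GITHUB_ENV"
      # The script below runs on the instance. It resets to whatever
      # origin/develop points to at deploy time, which can be newer than the
      # commit that was tagged and built above — presumably acceptable, but
      # confirm if the image tag and the checked-out source must match.
      # send-command is asynchronous: the CommandId is captured so the next
      # step can wait for the result instead of reporting success immediately.
      - name: AWS SSM Send-Command (Doppler 완전 통합)
        id: send_command
        run: |
          COMMAND_ID=$(aws ssm send-command \
            --instance-ids "$INSTANCE_ID" \
            --document-name "AWS-RunShellScript" \
            --comment "Deploy with Doppler (all secrets managed centrally)" \
            --parameters '{
              "commands": [
                "#!/bin/bash",
                "set -euo pipefail",
                "export HOME=/root",
                "export PATH=$PATH:/usr/local/bin",
                "git config --global --add safe.directory /dockerProjects/tt-src/WEB7_9_B2ST_BE",
                "cd /dockerProjects/tt-src/WEB7_9_B2ST_BE/ || exit 1",
                "git fetch --all",
                "git reset --hard origin/develop",
                "cd docker/",
                "# Doppler 설정 (파일에서 토큰만 읽기)",
                "export DOPPLER_TOKEN=\"$(sudo tr -d \"\\r\\n\" < /etc/tt-secrets/doppler-token)\"",
                "export DOPPLER_PROJECT=tt",
                "export DOPPLER_CONFIG=prd",
                "# GitHub 레지스트리 로그인 (Doppler에서 GITHUB_TOKEN 주입)",
                "doppler run --project \"$DOPPLER_PROJECT\" --config \"$DOPPLER_CONFIG\" -- bash -c \"echo \\$GITHUB_TOKEN | docker login ghcr.io -u ${{ github.actor }} --password-stdin 2>/dev/null\"",
                "# Alertmanager 설정 파일 환경변수 치환",
                "doppler run --project \"$DOPPLER_PROJECT\" --config \"$DOPPLER_CONFIG\" -- bash -lc \"envsubst < monitoring/alertmanager/alertmanager.yml > /tmp/alertmanager-resolved.yml\"",
                "cp /tmp/alertmanager-resolved.yml monitoring/alertmanager/alertmanager.yml",
                "rm -f /tmp/alertmanager-resolved.yml",
                "# Docker Compose 실행 (모든 환경변수 Doppler에서 주입)",
                "doppler run --project \"$DOPPLER_PROJECT\" --config \"$DOPPLER_CONFIG\" -- docker compose pull",
                "doppler run --project \"$DOPPLER_PROJECT\" --config \"$DOPPLER_CONFIG\" -- docker compose up -d --force-recreate",
                "# 정리",
                "docker image prune -f",
                "docker logout ghcr.io 2>/dev/null",
                "echo \"✅ Deployment completed at $(date)\"",
                "# 최종 상태 확인",
                "doppler run --project \"$DOPPLER_PROJECT\" --config \"$DOPPLER_CONFIG\" -- docker compose ps"
              ]
            }' \
            --region "${{ secrets.AWS_REGION }}" \
            --query "Command.CommandId" --output text)
          echo "command_id=$COMMAND_ID" >> "$GITHUB_OUTPUT"
      - name: Wait for SSM command to finish
        env:
          COMMAND_ID: ${{ steps.send_command.outputs.command_id }}
        # Polls for up to ~20 minutes and fails the job if the remote script did
        # not end in Success. get-command-invocation can briefly error right
        # after send-command (invocation not yet registered); that is treated
        # as Pending. AWS_REGION is exported by configure-aws-credentials above.
        run: |
          for _ in $(seq 1 120); do
            STATUS=$(aws ssm get-command-invocation \
              --command-id "$COMMAND_ID" --instance-id "$INSTANCE_ID" \
              --region "$AWS_REGION" \
              --query "Status" --output text 2>/dev/null || echo "Pending")
            case "$STATUS" in
              Success)
                echo "SSM command $COMMAND_ID finished successfully"
                exit 0
                ;;
              Pending|InProgress|Delayed)
                sleep 10
                ;;
              *)
                echo "::error::SSM command $COMMAND_ID ended with status $STATUS"
                aws ssm get-command-invocation \
                  --command-id "$COMMAND_ID" --instance-id "$INSTANCE_ID" \
                  --region "$AWS_REGION" \
                  --query "StandardErrorContent" --output text || true
                exit 1
                ;;
            esac
          done
          echo "::error::Timed out waiting for SSM command $COMMAND_ID"
          exit 1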